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Abstract: The amount of data stored online about individual users is 

growing, and users should beware that data they share with one 
recipient may well appear at other sites. However, there are 
some limits on how personal information may be stored and 
retrieved. Cookies allow a specific Web site to store personal 
information on a specific user. The cookie can then use this 
information the next time the user visits the site to create 
lists of new sites that the user might find interesting. 
However, the cookies can only be created if users specifically 
give them the personal data, which is stored at only the one 
Web site and is not accessible by other Web servers. 
Similarly, E-mail addresses are protected unless users give 
them out . Web browsers cannot collect the addresses from a 
site unless users have registered with the site and given an 
E-mail address. 
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In two recent columns, we used the increased use of cookies by Web sites 
as the starting point for discussions of some online privacy issues. 
Several readers sent E-mail taking us to task for some of the statements 
in those columns, and those folks raised some good points; we should have 
been more clear in a few areas . 



Though we have not changed our conclusions, we do need to thank these 
readers and set the record straight. 

Nate Cobb, a Webmaster at Join Together Online, wrote to summarize a key 
limitation of cookies. "There is absolutely no way for a server to set a 
cookie containing a user's personal information without first requesting 
that information from the user. That information (E-mail address, gender, 
age and so forth) can either be stored locally on the server or remotely 
in a cookie; its location is a moot point. The cookie data is not 
accessible to any other Web site." 

Nate is- correct: Cookies have no way of getting user information on the 
sly. Cookies just let a site store information it might find usef^ll the 
next time you visit. For example, a site might store the URLs of pages 
you've seen. The next time you visit, the site can use that data to show 
you new pages. Cookie data contains a tag with the name of the storing 
site, so no other site can .get that data. 

Sites can learn a limited amount about your computing 
environment- -primarily what operating system and browser you're 
running- -by asking your browser. 
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One of the most important pieces of data about your computing setup is 
your E-mail ID. We said browsers could supply that ID to any site that 
requested it . 

Danny Goodman, the author of "Danny Goodman's JavaScript Handbook," wrote 
to correct that statement. "Your comments about collating E-mail 
addresses with cookie data will lead readers to think that cookies or 
servers somehow steal E-mail addresses. Unless you register with a site 
and knowingly supply an E-mail address for yourself, there is no 
surreptitious E-mail address reading possible, as far as I have seen. 
While early versions of Navigator 2.0 (2.0 and 2.01) allowed JavaScript 
to quietly submit a form to a mailTo: URL, this has since been shut down 
(beginning with 2.02), and only an explicit Submit button may initiate 
such a transaction." 

Danny's right to note that the latest versions of Netscape's Navigator 
fix this problem (as if you needed more incentive to download more 
software) . We do not know if any other browsers have the same or similar 
problems, but regardless, we do not expect such problems to last long in 
any browser. As Hate said, "Bluntly speaking, security holes are not 
realistically a method anyone can or will use to collect user 
information." Vendors tend to close holes quickly, so they tend not to be 
useful for long. 

Despite a few errors and out-of-date information, we stand by our 
conclusions. The amount of online data about each of us is growing, and 
we should all decide now just how much data we want to share and act 
accordingly. We should also all be aware that information we give in one 
online place may well crop up in others. 

There, we feel cleansed. Please do send us mail when you think we're 
wrong. If we are, we'll say so. 

You can reach Mark Van Name and Bill Catchings via the Internet at 
mark--van--name@zd.com and bill--catchings@zd.com. 
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